Synchronizing Users and Groups with Azure AD
PaperCut’s strength has long been in our ability to support user and group synchronization with many directory services. This capability has now been tested against directory services hosted in the cloud, such as Azure AD. For PaperCut customers, this means you no longer need to have an on-site Active Directory server. PaperCut can sync directly with, and authenticate users against, Azure AD using Secure LDAP, Microsoft’s LDAP interface hardened to support authentication across less secure networks such as the internet.
This article will step you through enabling the Secure LDAP interface on Azure AD, and successfully connecting an instance of PaperCut to this cloud source.
Enable Secure LDAP in Azure AD Domain Services
You will need:
- A certificate to enable secure communication
  - Use PKCS#12 (PFX in Microsoft terms)
  - 2048-bit is recommended
  - Password protected (i.e. includes the private key)
  - Further explanation on PKCS#12 certificates can be found here: https://en.wikipedia.org/wiki/PKCS_12
- Your users and groups should exist in Azure AD
- You can log in as an AAD DC Administrator for the domain to sync
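The certificate requirements listed above can be checked locally before the file is uploaded to Azure. This is an added example, not PaperCut's or Microsoft's own tooling; it assumes the `openssl` command-line tool is installed, and the function names, password and self-signed sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the PFX before uploading it to Azure.
# Function names, the password and the sample certificate are constructed here.

# Print the private key size in bits; fail on a wrong password or missing key.
pfx_key_bits() {
    key=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null) || return 1
    printf '%s\n' "$key" | grep -q 'PRIVATE KEY' || return 2
    printf '%s\n' "$key" | openssl pkey -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Exit 0 only if the bundle is password protected, holds a private key of at
# least 2048 bits, and its certificate has not expired.
check_pfx() {
    if openssl pkcs12 -in "$1" -passin pass: -noout >/dev/null 2>&1; then
        echo "FAIL: bundle opens with an empty password"; return 1
    fi
    bits=$(pfx_key_bits "$1" "$2") ||
        { echo "FAIL: wrong password or no private key in bundle"; return 1; }
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: key is ${bits:-unknown} bits, 2048 recommended"; return 1; }
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        openssl x509 -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or unreadable"; return 1; }
    echo "OK: password protected, ${bits}-bit private key, certificate in date"
}

# Build a constructed self-signed sample bundle in directory $1 (demo only).
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=sample.example.com" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -out "$1/sample.pfx" -passout "pass:$2"
}

# Demo run against the constructed sample bundle.
demo_dir=$(mktemp -d)
make_sample_pfx "$demo_dir" 'constructed-pw' &&
    check_pfx "$demo_dir/sample.pfx" 'constructed-pw'
rm -rf "$demo_dir"
```

For a real certificate, call `check_pfx` with the path to your own PFX file and its password instead of the sample bundle.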
Enable Secure LDAP
- Log in to Azure
- In the Azure Dashboard for All resources select Azure AD Domain Services for the resource to sync
- On the left-side menu, in the Manage section, select Secure LDAP
- Select Enable for Secure LDAP
- Select Enable for Allow Secure LDAP access over the Internet
- You will be prompted for the certificate file and password
- It could take Azure 10–15 minutes to enable Secure LDAP
- Still in Azure AD Domain Services, select Properties on the left-side menu
- Copy the “Secure LDAP external IP address”
Here’s a Microsoft article on Secure LDAP:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap
Configure the PaperCut Primary Sync Source
- Log in to PaperCut with an admin account (http://[your server]:9191/admin)
- Select the Options tab on the left-side menu
- Select the User/Group Sync tab across the top
- In the Sync Source group, select LDAP in the Primary sync source
- For the LDAP Server Type, select Active Directory
- The LDAP Server Address is your LDAP external address copied above from Azure AD
- Check the Use SSL option
- The Base DN is your Azure DNS Domain Name (e.g. dc=papercut, dc=onmicrosoft, dc=com)
- Admin DN is your Azure AD domain user name
- Admin password is your Azure AD domain admin password
- Select whether you want to import all users or select groups
- Scroll down and click Apply
- Click Test Settings
- Assuming everything looks good in the sync test, click Synchronize Now
- To finalize the setup, it’s always a great idea to log in as a user and send a test print.
Make sure to take a look at our video too
Related PaperCut articles that are very interesting
- Synchronize user and group details with LDAP
- Synchronize user and group details with Active Directory
Categories: Administration, User/Group Sync
Keywords: Azure, Administration, LDAP, Cloud
Article last modified on September 07, 2017, at 10:17 PM